A
bug has been identified in Psiphon 3 for Windows versions 53 to 61
which caused the executable digital signature to be corrupted (an extra
byte was added to the executable file) when the executable was extracted
from an automated upgrade package.
This bug did not affect regular downloads (e.g., if you go to
psiphon3.com and
download psiphon3.exe) or email attachments; in addition, the
additional signature validation performed on automated upgrade packages
remained intact.
In
other words, only valid executables would be extracted and applied --
but the Windows authenticode signature would not appear after the
extraction process. This would cause users to be unable to manually
verify upgraded executables and also, in at least one reported case,
cause anti-virus software to issue an alert concerning the executable's
signature.
This bug is fixed in Psiphon 3 for Windows version 62, which will be available today.